We still have a couple questions before understanding the issue and reviewing the PR:
Is there a publicly available artifact that exhibits this problem? We'd like to understand how Syft makes a package that has no name - it could be that the bug is further upstream, and we need to improve the code where Syft tries to detect the name, rather than drop the malformed package before it's returned by the cataloger.
What happened:
Some of the components I get on a system have an empty name like:
I looked into the code and saw that there is an IsValid function for packages (syft/syft/pkg/package.go, lines 83 to 85 in 1aaa644), but not all of the catalogers respect that.
What you expected to happen:
I would expect that components (packages) that are not valid would not get exported.
Steps to reproduce the issue:
I ran that on a local filesystem.
Anything else we need to know?:
NO
Environment:
Output of syft version: latest master, because I also tested with the source and my own compilation, but also 1.11.1
OS (e.g: cat /etc/os-release or similar):
In my case the following patch helped: